After J.P. Morgan breach, should customers move their money?

The hack attack on J.P. Morgan Chase exposed the personal information of more than two-thirds of U.S. households. The country’s largest bank is a valuable target for cybercriminals, opening up the question: Is your money safer elsewhere?

Probably not. J.P. Morgan
JPM, +1.25%
may to cybercriminals look like the goose that lays the golden eggs, but experts warn that smaller banks are even more vulnerable, given their lower defenses.

“A smaller organization, they certainly don’t have the people resources or the dollar resources to put in place the defense that J.P. Morgan has put in place. They are more at risk,” says John Prisco, chief executive of the Rockville, Md.-based security firm Triumfant, which protects several dozen financial institutions in the eastern U.S., including smaller and retail banks and credit unions. “But they may not be as desirable a target because of the much bigger targets out there.”

J.P. Morgan: No fraud seen from data breach

“Everybody thought that J.P. Morgan was a fortress that could not be penetrated. We don’t have that blissful ignorance anymore,” Prisco says.

Spending on cyber security is akin to dumping money into a black hole. You can buy stronger defenses, pay security companies to ethically hack you in hopes of discovering new vulnerabilities and monitor all your networks to the tune of hundreds of millions of dollars. J.P. Morgan CEO Jamie Dimon wrote in an annual shareholder letter that the bank will spend more than $250 million this year on cybersecurity, and a human investment of 1,000 employees. And he acknowledged in the note that this will be “a continual and likely never-ending battle to stay ahead of it, and unfortunately, not every battle will be won.” Smaller banks have less money and manpower to fight those battles.

J.P. Morgan says hackers didn’t access customers’ financial information — just names, email and mailing addresses, phone numbers and “internal JPMorgan Chase information relating to such users,” the company said in a government filing. Chase customers can take solace in the fact that as far as the bank knows, account data is safe. Still, people should remain on guard for phishing scams, as fraudsters may impersonate the bank and contact customers to try to gain more information or money.

It’s probably less than appealing to consider moving your cash from a bank account to a briefcase.

Members 1st Federal Credit Union

A software administrator at the Members 1st Federal Credit Union in central Pennsylvania hacked the firm’s computers to change account records and transfer bank funds into his own accounts. The employee, Kim Allen Heim, was arraigned on three counts of theft by deception, unlawful use of a computer, tampering with records and computer trespass.

Pentagon Federal Credit Union

PenFed, whose members include government employees and military personnel, discovered that a laptop was hacked. The incident exposed names, addresses, Social Security numbers, account numbers and credit and debit card numbers or PenFed members, joint owners, former members, employees and beneficiaries.

Scope: The credit union, which now has 1.3 million members, did not disclose the size of the breach. New Hampshire’s attorney general said it involved 514 residents of that state. The security firm Kaspersky estimated that tens of thousands of customers were affected.

Federal Reserve

The hacktivist group Anonymous struck the Federal Reserve’s website last year. The central bank said hackers accessed personal information for 4,000 U.S. bankers through a vulnerability that the Fed then resolved.

Mortgage Rates

Powered by

This advertisement is provided by Bankrate, which compiles rate data from more than 4,800 financial institutions. Bankrate is paid by financial institutions whenever users click on display advertisements or on rate table listings enhanced with features like logos, navigation links, and toll free numbers. Dow Jones receives a share of these revenues when users click on a paid placement.

Intraday Data provided by SIX Financial Information and subject to terms of use.
Historical and current end-of-day data provided by SIX Financial Information. Intraday data
delayed per exchange requirements. S&P/Dow Jones Indices (SM) from Dow Jones & Company, Inc.
All quotes are in local exchange time. Real time last sale data provided by NASDAQ. More
information on NASDAQ traded symbols and their current financial status. Intraday
data delayed 15 minutes for Nasdaq, and 20 minutes for other exchanges. S&P/Dow Jones Indices (SM)
from Dow Jones & Company, Inc. SEHK intraday data is provided by SIX Financial Information and is
at least 60-minutes delayed. All quotes are in local exchange time.